pam_dce(5)pam_dce(5)NAMEpam_dce - authentication, account, and password management PAM func‐
tions for DCE
SYNOPSIS
/usr/lib/security/libpam_dce.so.1
DESCRIPTION
The DCE PAM modules allow integration of DCE into the system entry ser‐
vices (such as login, telnet, rlogin, ftp) through the pam.conf(4)
file. The DCE service module for PAM consists of the following three
modules: the authentication module, the account management module, and
the password management module. All three modules are supported
through the same loadable library, /usr/lib/security/libpam_dce.so.1 is
the interface that services the requests from These requests will be
communicated to the DCE security server, which in turn sends the
response back to ilogind. This response is then sent back to
/usr/lib/security/libpam_dce.so.1.
Authentication Module
The authentication module certifies the identity of a user and the
user's credentials. It passes the authentication key derived from the
user's password to the DCE Security Service. The Security Service then
uses the authentication key to certify the user and the user's creden‐
tials. The following options can be passed to the authentication mod‐
ule through the pam.conf(4) file:
debug Turn on syslog debugging at the LOG_DEBUG level.
nowarn Turn off warning messages about not being able to
acquire DCE credentials.
use_first_pass Use the initial password (entered when the user
is authenticated to the first authentication mod‐
ule in the stack) to authenticate with DCE. If
the user can not be authenticated or if this is
the first authentication module in the stack,
quit and do not prompt a password. It is recom‐
mended that this option be used only if the
authentication module is designated as optional
in the pam.conf(4) configuration file.
try_first_pass Use the initial password (entered when the user
is authenticated to the first authentication mod‐
ule in the PAM stack) to authenticate with DCE.
If the user cannot be authenticated or if this is
the first authentication module in the stack,
prompt for a password.
A user must be authenticated and the user's credentials set before a
system entry service can access any file directories owned by the user
that are mounted through DTS.
Account Management Module
The account management module provides a function to perform account
management (pam_sm_acct_mgmt(3)). sends a request to the
DCE implementation of pam_sm_acct_mgmt(3) function which retrieves the
user's account and password expiration information from the DCE Secu‐
rity Server and verifies that the user's account and password have not
expired. The following options can be passed to the account module
through the pam.conf(4) file:
debug Turn on syslog debugging at the LOG_DEBUG
level.
nowarn Turn off warning messages displayed when a
user's account and/or password are going to
expire.
pam_sm_acct_mgmt(3) calls the function sec_login_inquire_net_info(3) to
retrieve information about when a user's account and/or password is
going to expire.
Password Management Module
The password management module provides a function to change passwords
(pam_sm_chauthtok(3)). The following options can be passed to the
password module through the pam.conf(4) file:
debug Turn on syslog debugging at the LOG_DEBUG level.
nowarn Turn off warning messages about not being able to
change passwords.
try_first_pass Use the initial password (entered to the first
password module in the PAM stack) to authenticate
with DCE. If the user cannot be authenticated or
if this is the first password module in the
stack, prompt for a password.
use_first_pass Use the initial password (entered to the first
password module in the PAM stack) to authenticate
with DCE. If user cannot be authenticated or if
this is the first password module in the stack,
quit and do not prompt for a password. It is rec‐
ommended that this option be used only if the DCE
password module is designated as optional in the
pam.conf(4) configuration file.
SEE ALSOpam(3), sec_login_setup_identity(3), sec_login_valid_and_cert_ident(3),
sec_login_set_context(3), sec_login_inquire_net_info(3), pam.conf(4),
pam_unix(5)ilogind(1m)HP DCEpam_dce(5)